fe894c0a3f4a0660d71e44d765eb2ab104e6e745e3d1a57ef2dad121a133cfe4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe894c0a3f4a0660d71e44d765eb2ab104e6e745e3d1a57ef2dad121a133cfe4
Size

5KB
MD5

7d71fa8dc3478b66cb89a40e2919e817
SHA1

0be3d19ac669413d37f1e947cadb01e2c5422172
SHA256

fe894c0a3f4a0660d71e44d765eb2ab104e6e745e3d1a57ef2dad121a133cfe4
SHA512

6f5d3ce064a6492088b26a282296b8a3bea83b599274cc3a8be341972ef0838715d95876acd2186a2f4db4d930c3556eba343bd6fdb4572c11a8787047a0f46b
SSDEEP

96:6AsUpRFFPhc01nbnoMjYwl2aqaCyQhfABWwpcLajkSq:Zje0RD0wE/hfqx3

Score

N/A

Malware Config

Signatures

Files

fe894c0a3f4a0660d71e44d765eb2ab104e6e745e3d1a57ef2dad121a133cfe4
.dll windows x86

90ca042ace32bf194a0dda8e2ec06446

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
PsCreateSystemThread
RtlDeleteRegistryValue
RtlWriteRegistryValue
RtlCreateRegistryKey
ZwWriteFile
ExFreePoolWithTag
ZwReadFile
ExAllocatePoolWithTag
ZwQueryInformationFile
ZwCreateFile
RtlRandom
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlGetVersion
PsTerminateSystemThread
RtlFreeUnicodeString
ZwLoadDriver
RtlAppendUnicodeStringToString
RtlQueryRegistryValues
KeDelayExecutionThread

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 213B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 128B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 640B - Virtual size: 596B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 256B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ